On 7/31/24 10:08, Nikunj A Dadhania wrote: > Add support for Secure TSC in SNP-enabled guests. Secure TSC allows guests > to securely use RDTSC/RDTSCP instructions, ensuring that the parameters > used cannot be altered by the hypervisor once the guest is launched. > > Secure TSC-enabled guests need to query TSC information from the AMD > Security Processor. This communication channel is encrypted between the AMD > Security Processor and the guest, with the hypervisor acting merely as a > conduit to deliver the guest messages to the AMD Security Processor. Each > message is protected with AEAD (AES-256 GCM). Use a minimal AES GCM library > to encrypt and decrypt SNP guest messages for communication with the PSP. > > Use mem_encrypt_init() to fetch SNP TSC information from the AMD Security > Processor and initialize snp_tsc_scale and snp_tsc_offset. During secondary > CPU initialization, set the VMSA fields GUEST_TSC_SCALE (offset 2F0h) and > GUEST_TSC_OFFSET (offset 2F8h) with snp_tsc_scale and snp_tsc_offset, > respectively. > > Since handle_guest_request() is common routine used by both the SEV guest > driver and Secure TSC code, move it to the SEV header file. > > Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx> > Tested-by: Peter Gonda <pgonda@xxxxxxxxxx> Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- > arch/x86/include/asm/sev-common.h | 1 + > arch/x86/include/asm/sev.h | 46 +++++++++++++ > arch/x86/include/asm/svm.h | 6 +- > arch/x86/coco/sev/core.c | 91 +++++++++++++++++++++++++ > arch/x86/mm/mem_encrypt.c | 4 ++ > drivers/virt/coco/sev-guest/sev-guest.c | 19 ------ > 6 files changed, 146 insertions(+), 21 deletions(-) >
